SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-115963983] Ecava IntegraXor

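| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2017-06-20 | Other | Ecava | Tenable Network Security reported the vulnerability and tested the patch. | N/A | CVE-2017-6050 | N/A | N/A | N/A |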

Source

#
# Ecava IntegraXor
#


### VULNERABLE VENDOR
Ecava


### VULNERABLE PRODUCT
IntegraXor



### RESEARCHER
Tenable Network Security reported the vulnerability and tested the patch.



### AFFECTED PRODUCTS

The following versions of IntegraXor, a web SCADA/HMI solution, are affected:

IntegraXor Versions 5.2.1231.0 and prior.



### IMPACT

Successful exploitation of this vulnerability may allow unauthenticated remote code execution.



### VULNERABILITY OVERVIEW

SQL INJECTION CWE-89
The application fails to properly validate user input, which may allow an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.
CVE-2017-6050 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: United Kingdom, United States, Australia, Poland, Canada, Estonia
Company Headquarters Location: Malaysia




### MITIGATION

Ecava recommends that users of affected IntegraXor versions update to version 6.0.522.1 or newer, which can be found at the following location:

https://www.integraxor.com/download-scada/